
Data Loss mailing list archives

After Target, Neiman Marcus breaches, does PCI compliance mean anything?
From: security curmudgeon <jericho () attrition org>
Date: Tue, 28 Jan 2014 19:30:56 -0600 (CST)

[ It never did =) - jericho ]

---------- Forwarded message ----------
From: InfoSec News <alerts () infosecnews org>


By Jaikumar Vijayan
January 24, 2014

The recent data breaches at Target and Neiman Marcus have once again shown 
that compliance with the Payment Card Industry Data Security Standard (PCI 
DSS) is no guarantee against an intrusion.

What's unclear is whether the problem lies in the standard itself, or the 
manner in which it is implemented and assessed.

Neiman Marcus on Thursday became the latest company to suggest that PCI 
compliance had brought it little security against a major intrusion.

In a letter to U.S. Sen. Richard Blumenthal (D-Conn.) explaining the 
recent breach that exposed 1.1 million payment cards, Neiman Marcus CIO 
Michael Kingston claimed the intrusion happened even though the company 
had security measures that exceeded PCI standards.

Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 


